secretfinder
SecretFinder is a Python script based on LinkFinder (a version for Burp Suite is also available), written to discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.
Details
Category: Static Code Analysis
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/secretfinder:a0283cb
Source URL: https://github.com/m4ll0k/SecretFinder
Parameters
proxy
string
Command: -p
- Set proxy (host:port)

cookie
string
Command: -c
- Add cookies for authenticated JS files

headers
string
Command: -H
- Set headers (Name:Value\nName:Value)

input-file
file
required
Command: -i
- Input a file

input-folder
folder
required
Command: -i
- Input folder

input-string
string
required
Command: -i
- Input a URL

filtering-regex
string
Command: -r
- RegEx for filtering purposes against found endpoint. (e.g: ^/api/)

only-process-this
string
Command: -n
- Process js url, if it contain the provided string (string;string2..)

ignore-if-contains
string
Command: -g
- Ignore js url, if it contain the provided string (string;string2..)

extract-all-js-links
boolean
Command: -e
- Extract all javascript links located in a page and process it

support-burp-exported-file
boolean
Command: -b
- Support burp exported file